CVE-2024-14032

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite...

EUVD-2024-55535

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite...

Twitch Studio 安全漏洞

Twitch Studio is a simple streaming production and publishing software for live creators developed by the American company Twitch. Versions of Twitch Studio prior to 0.114.8 contain security vulnerabilities. These vulnerabilities stem from the unprotected XPC service in the privilege assistant...

PT-2026-30633

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite...

Dr.Buho BuhoCleaner 竞争条件问题漏洞

Dr.Buho BuhoCleaner is a system cleaning and optimization software developed by Dr.Buho Company in China. Version 1.15.2 of Dr.Buho BuhoCleaner contains a vulnerability related to race conditions, which stems from an insecure XPC service. This vulnerability may lead to privilege escalation...

CVE-2025-13733

BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoNTFS: 1.3.2...

CVE-2025-13733 BuhoNTFS 1.3.2 - Local Privilege Escalation

BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoNTFS: 1.3.2...

CVE-2025-65842

The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...

Plugin Alliance Aquarius HelperTool 安全漏洞

Plugin Alliance Aquarius HelperTool is an audio plugin helper tool from Plugin Alliance, Inc. A security vulnerability exists in Plugin Alliance Aquarius HelperTool version 1.0.003, which stems from the XPC service not validating the client's identity and flawed authorization logic, which could...

CVE-2025-11921 iStat Menus 7.10.4 - Local Privilege Escalation

iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.This issue affects iStats: 7.10.4...

CVE-2025-11921

CVE-2025-11921 affects iStats (iStat Menus) 7.10.4, where an insecure XPC service allows local, unprivileged users to escalate to root via command injection. CVSS indicates local access with high impact on confidentiality, integrity, and availability. Public references identify a patch path; iSta...

Bjango iStats 安全漏洞

Bjango iStats is a system monitoring tool from Bjango Australia. A security vulnerability exists in Bjango iStats version 7.10.4, which originates from an insecure XPC service and could lead to elevation of privilege...

CVE-2025-11130

A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit h...

PT-2025-3867 · Unknown · Exelban Stats

Name of the Vulnerable Software and Affected Versions: exelban stats versions up to 2.11.21 Description: A critical issue has been found in the shouldAcceptNewConnection function of the XPC Service component, leading to command injection. This issue can be exploited locally. Recommendations: For...

PT-2024-10227

Name of the Vulnerable Software and Affected Versions MacOS affected versions not specified Description The issue is related to insufficient access control in the XPC service of MacOS operating systems. Exploitation of this issue may allow an attacker to execute arbitrary code and elevate their...

Veritas Enterprise Vault 代码问题漏洞

Veritas Enterprise Vault is an enterprise-class file protection, archive automation software from Veritas, Inc. A security vulnerability exists in Veritas Enterprise Vault 14.1.2 and prior versions, where Enterprise Vault applications start multiple services that listen on NET Remoting TCP port t...

Acronis True Image 安全漏洞

Acronis True Image is a famous data backup and restore software from Acronis Singapore. The software can be used to create drive and disk images and can restore the image when a clean system is needed. Acronis True Image suffers from a security vulnerability that stems from an insecure XPC servic...

Acronis True Image 安全漏洞

Acronis True Image is a famous data backup and restore software from Acronis Singapore. The software can be used to create drive and disk images and can restore the image when a clean system is needed. Acronis True Image suffers from a security vulnerability that stems from an insecure XPC servic...

IPVanish for macOS elevation of privilege vulnerability

IPVanish for macOS is a VPN software for anonymous access to the Internet based on the macOS platform. An elevation of privilege vulnerability exists in version 3.0.11 of IPVanish for macOS-based platforms, which stems from the 'com.ipvanish.osx.vpnhelper' LaunchDaemon implementation of the...